379 matches found
WordPress YITH WooCommerce Wishlist plugin <= 4.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via id Parameter vulnerability discovered by Asaf Mozes in WordPress Plugin YITH WooCommerce Wishlist versions = 4.5.0...
PT-2025-25683 · Yith · Yith Paypal Express Checkout For Woocommerce
Name of the Vulnerable Software and Affected Versions: YITH PayPal Express Checkout for WooCommerce versions 1.49.0 and earlier Description: A Cross-Site Request Forgery CSRF issue affects the software, allowing unauthorized actions. Recommendations: For YITH PayPal Express Checkout for WooCommer...
WordPress YITH PayPal Express Checkout for WooCommerce plugin <= 1.49.0 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery CSRF vulnerability discovered by Nguyen Xuan Chien Patchstack Alliance in WordPress Plugin YITH PayPal Express Checkout for WooCommerce versions = 1.49.0...
CVE-2025-5238
The YITH WooCommerce Wishlist plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 4.5.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level...
CVE-2025-5238
The YITH WooCommerce Wishlist plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 4.5.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level...
CVE-2025-5238 YITH WooCommerce Wishlist <= 4.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter
The YITH WooCommerce Wishlist plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 4.5.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level...
CVE-2025-5238
CVE-2025-5238 affects the YITH WooCommerce Wishlist plugin for WordPress. The issue is a stored cross-site scripting (XSS) vulnerability in the id parameter present in versions up to and including 4.5.0, caused by insufficient input sanitization and output escaping. Exploitation requires authenti...
WordPress plugin YITH WooCommerce Wishlist 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
PT-2025-25485 · WordPress · Yith Woocommerce Wishlist
Name of the Vulnerable Software and Affected Versions: YITH WooCommerce Wishlist plugin for WordPress versions up to, and including, 4.5.0 Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping. This allows authenticated attacke...
CVE-2024-7846
YITH WooCommerce Ajax Search is vulnerable to a XSS vulnerability due to insufficient sanitization of user supplied block attributes. This makes it possible for Contributors+ attackers to inject arbitrary scripts...
CVE-2024-32699
Cross-Site Request Forgery CSRF vulnerability in YITHEMES YITH WooCommerce Compare yith-woocommerce-compare.This issue affects YITH WooCommerce Compare: from n/a through = 2.37.0...
CVE-2024-34385
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in YITHEMES YITH WooCommerce Wishlist yith-woocommerce-wishlist.This issue affects YITH WooCommerce Wishlist: from n/a through = 3.32.0...
CVE-2024-0870
The YITH WooCommerce Gift Cards plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'savemailstatus' and 'saveemailsettings' functions in all versions up to, and including, 4.12.0. This makes it possible for unauthenticated attackers to...
CVE-2024-35698
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in YITHEMES YITH WooCommerce Tab Manager yith-woocommerce-tab-manager.This issue affects YITH WooCommerce Tab Manager: from n/a through = 1.35.0...
CVE-2024-35732
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in YITHEMES YITH Custom Login yith-custom-login.This issue affects YITH Custom Login: from n/a through = 1.7.0...
CVE-2024-6799
The YITH Essential Kit for WooCommerce 1 plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'activatemodule', 'deactivatemodule', and 'installmodule' functions in all versions up to, and including, 2.34.0. This makes it possible for...
CVE-2024-8665
The YITH Custom Login plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 1.7.3. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pag...
CVE-2024-35680
Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in YITHEMES YITH WooCommerce Product Add-Ons yith-woocommerce-product-add-ons.This issue affects YITH WooCommerce Product Add-Ons: from n/a through = 4.9.2...
CVE-2024-37943
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in YITHEMES YITH WooCommerce Ajax Product Filter yith-woocommerce-ajax-navigation.This issue affects YITH WooCommerce Ajax Product Filter: from n/a through = 5.1.0...
CVE-2023-46635
Missing Authorization vulnerability in YITHEMES YITH WooCommerce Product Add-Ons yith-woocommerce-product-add-ons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects YITH WooCommerce Product Add-Ons: from n/a through = 4.2.0...